FIM 2010

  • Question

  • Scenario -

    I had to send a mail notification when a user is disabled or resigns from an organization and that user is the Owner of some of the security groups.

    My Approach - I tried creating a Set containing the criteria that the user is getting disabled after 5 days from today. The next Set that I'm trying to create is of "Group", which has the attribute name "Owner in above set", but this shows access denied. I'm unable to create this Set.

    How to find out whether the user who has resigned/been disabled is a group owner?

    Please suggest any other way of doing it or how this access denied could be overcome...!!!

    Regards,

    R_Jasuja


    R_Jasuja

    Wednesday, July 18, 2012 1:09 PM

All replies

  • Guys..!!

    Please suggest over this. It's really important for me..

    Regards,


    R_Jasuja

    Tuesday, July 24, 2012 11:14 AM
  • Hi,

    What is the authoritative source for your data?

    What are you using to determine whether a user is disabled or resigns?

    How have you set up FIM to determine these states?

    Cheers

    Tuesday, July 24, 2012 11:55 AM
  • Hi ,

    Source - FIM portal

    Created first Set with criteria - User Last working date.

    Trying to create a second Set with criteria for Group - whose owner is in the first set. (Getting access denied)

    3. How have you set up FIM to determine these states? - Unable to get this.

    Regards, 

     


    R_Jasuja

    Tuesday, July 24, 2012 4:23 PM
  • You want to send an e-mail notification to someone / something when a user in the FIM portal becomes disabled and is an owner of one or more security groups?

    One way of doing this is to create an MPR with a transition set for when a user transitions from active to disabled. As part of that MPR you can create an action workflow that then flags/triggers an attribute on a user to later be identified by a PowerShell script. Then have a PowerShell script search for all users who have this flag (perhaps set up on Task Scheduler) and also query all groups' Owner attribute in context of the user who was disabled, e.g.:

    /Group[Owner={resource_id_of_disabled_user}]

    This would get you a list of all groups the user was an owner of for each user that was flagged. Finally, you would clear the flag so that the user wouldn't show back up in the search.

    This is a far from perfect solution, but should work.

    Tuesday, July 24, 2012 5:03 PM
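
The scheduled script described in the last reply, as an added example that is not part of the original thread. It assumes the FIMAutomation snap-in, a hypothetical string attribute `OwnerReviewFlag` that the action workflow sets to `Pending`, and placeholder endpoint and mail settings; instead of emptying the flag it moves it to `Notified`, which equally removes the user from the next search.

```powershell
# Added example (not from the thread). Run where the FIMAutomation snap-in is installed.
Add-PSSnapin FIMAutomation -ErrorAction Stop
$ns       = 'Microsoft.ResourceManagement.Automation.ObjectModel'
$Uri      = 'http://localhost:5725/ResourceManagementService'  # assumed endpoint
$FlagAttr = 'OwnerReviewFlag'   # hypothetical string attribute set by the workflow
$Mail     = @{ To = 'group-admins@example.com'; From = 'fim@example.com'
               SmtpServer = 'smtp.example.com' }               # placeholders

function Get-FimValue($Resource, [string]$Name) {
    # Read one attribute value from an object returned by Export-FIMConfig.
    ($Resource.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $Name }).Value
}

# 1. Users flagged by the action workflow when they became disabled.
#    @() keeps an empty result from being iterated once as $null on PowerShell 2.0.
$flagged = @(Export-FIMConfig -Uri $Uri -OnlyBaseResources `
    -CustomConfig "/Person[$FlagAttr = 'Pending']" | Where-Object { $_ })

foreach ($user in $flagged) {
    $urn  = $user.ResourceManagementObject.ObjectIdentifier    # urn:uuid:<guid>
    $guid = $urn -replace '^urn:uuid:', ''

    # 2. Groups that still list this user as Owner (the query from the reply).
    $groups = @(Export-FIMConfig -Uri $Uri -OnlyBaseResources `
        -CustomConfig "/Group[Owner = '$guid']" | Where-Object { $_ })

    # 3. Notify only when there is something to reassign. A mail failure stops
    #    the script, so the flag is never reset for a notification that was not sent.
    if ($groups.Count -gt 0) {
        $names = $groups | ForEach-Object { Get-FimValue $_ 'DisplayName' }
        Send-MailMessage @Mail -ErrorAction Stop `
            -Subject "Disabled user owns $($groups.Count) group(s)" `
            -Body ("User: {0}`nGroups:`n{1}" -f (Get-FimValue $user 'DisplayName'),
                   ($names -join "`n"))
    }

    # 4. Move the flag off 'Pending' so the user drops out of the next search.
    $change = New-Object "$ns.ImportChange"
    $change.Operation      = 'Replace'
    $change.AttributeName  = $FlagAttr
    $change.AttributeValue = 'Notified'
    $change.FullyQualified = 1
    $change.Locale         = 'Invariant'
    $io = New-Object "$ns.ImportObject"
    $io.ObjectType = 'Person'
    $io.TargetObjectIdentifier = $urn
    $io.SourceObjectIdentifier = $urn
    $io.State   = 'Put'
    $io.Changes = @($change)
    $io | Import-FIMConfig -Uri $Uri
}
```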